Code infiltration using prepared torrent files in µTorrent [Update]
Manipulated torrent files can trigger a buffer overflow in the latest version of the popular BitTorrent client µTorrent. An attacker could inject and execute arbitrary code if a user opens a manipulated .torrent file.
.torrent files may contain 'announce' fields. If the entry is longer than 4800 bytes, an internal µTorrent buffer overflows. A program demonstrating the vulnerability under Windows 2000 and Windows XP with Service Pack 1 has now appeared on the milw0rm exploit archive.
µTorrent 1.6 build 474 is affected; older versions may also contain the bug. A new version that fixes the problem is not yet available. Users of the µTorrent client should either avoid torrents from untrusted sources or switch to a different BitTorrent client.
Update:
The developers have released µTorrent 1.6.1 build 489, which fixes the bug.
- Demonstration exploit on milw0rm
(trk)